What engine parameters would be acceptable to tune out false positives? I do understand that this is network specific, but was looking for others' averages.
SERVICE.SMB (6255)? I'm thinking HitCount= ~25
FLOOD.NET (UDP)? I'm thinking Rate=4900
FLOOD.NE...

Any news on the TAC explanation? We had this issue, but it seemed that overwriting the S125 with two signature upgrades 'fixed' the problem. I have a before and after sh ver on what did not and what did work.
sh ver (not working)
* IDS-sig-4.1-4-S125 ...